CVE-2026-0636 — LDAP Injection in OF THE Bouncy Castle INC Bc-java

CWE-90 — LDAP Injection3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 80.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Legion OF THE Bouncy Castle INC Bc-java

Timeline

PublishedApr 15

Latest updateApr 17

Description

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N

Affected Packages1 packages

▶CVEListV5legion_of_the_bouncy_castle_inc/bc-java1.74 — 1.84

🔴Vulnerability Details

GHSA

Bouncy Castle has an LDAP injection↗2026-04-17

▶

VulDB

Legion of the Bouncy Castle BC-JAVA up to 1.83 LDAPStoreHelper.java ldap injection↗2026-04-15

▶